However, with innovation comes risk. Cyber vulnerabilities are emerging as a critical challenge for property managers, landlords, and tenants, making robust vulnerability management a crucial priority.
Vulnerability management involves identifying, assessing, and addressing system, network, and device weaknesses. It's a continuous process that goes beyond routine patching. For the commercial property sector, this means tackling unique challenges, like securing building management systems, connected IoT devices, and tenant IT infrastructures. All of these can introduce exploitable entry points for cyber attacks.
Take, for instance, the rise in Operational Technology (OT) and Internet of Things (IoT) attacks. OryxAlign worked with Landsec, one of the UK's leading real estate groups, to address this growing threat. Our vulnerability scanning revealed critical risks across their 32-property portfolio. By prioritising remediation efforts and aligning with the NIST Cyber Security Framework, we helped Landsec reduce their exposure to cyber risks when OT and IoT attacks surged from 32 million in 2018 to over 112 million in 2022.
Read the full case study here.
The challenge of diverse technology ecosystems
Modern commercial properties rely on a patchwork of legacy systems, IoT devices, and proprietary software. Legacy systems, which were often designed before cyber security became a priority, are especially vulnerable. Add to this the sheer number of IoT devices like smart cameras, connected locks, and environmental sensors, and the attack surface expands significantly.
IoT vulnerabilities often stem from weak authentication, outdated firmware, or default credentials. For example, during our work at 20 Fenchurch Street (the "Walkie-Talkie"), OryxAlign revamped the building's IT infrastructure, implementing robust monitoring and support for critical systems. By addressing vulnerabilities within IoT networks and isolating these devices, we safeguarded operational continuity while enabling the building's advanced technology features.
Effective vulnerability management is impossible without an accurate inventory of connected devices and systems. The use of unauthorised devices and software (Shadow IT) complicates this task further. At OryxAlign, we leverage advanced asset discovery tools to map out digital ecosystems, ensuring no device or system is left unmonitored.
"Visibility is the key to managing vulnerabilities effectively," says Peter Schwarz, Senior Technology Consultant at OryxAlign. "We help clients maintain real-time oversight of their systems, paired with regular security training to address the human element of cyber security."
Third-party vendors play a central role in property management, providing everything from cloud services to building automation software. However, vulnerabilities in vendor systems can cascade into a property's operations, introducing risks that are difficult to control.
Vendor risk management is an essential aspect of vulnerability management. Property managers need to evaluate the security practices of their vendors, require regular audits, and ensure contracts include provisions for cyber security accountability.
Even with the best technology in place, human error remains a significant vulnerability. Phishing scams, weak passwords, and untrained staff can expose even the most secure systems. Comprehensive cyber security training programs can help reduce human error and improve awareness. Clear policies and regular communication are essential to fostering a culture of security among all stakeholders.
Find out more about the human factor in our blog: The Human Factor in the vulnerability management process.
The future of vulnerability management in the commercial property sector lies in adopting proactive, technology-driven approaches. OryxAlign's VMaaS (Vulnerability Management as a Service) solution combines automated asset discovery, real-time threat prioritisation, and streamlined remediation processes. Advanced tools like AI-driven detection, penetration testing, and automated patching empower property managers to stay ahead of evolving threats.
As emerging technologies like 5G and edge computing reshape the landscape, new challenges will be introduced. By prioritising visibility, vendor accountability, and ongoing employee training, C-suite leaders can transform cyber security from a challenge into a strategic advantage, ensuring their properties are smart and secure.
For more insights into our vulnerability management services, visit our cyber security page or email us at hello@oryxalign.com.